# Privacy Policy

**Effective Date:** March 29, 2026

**Last Updated:** March 29, 2026

---

## 1. Introduction

Welcome to Monetoli ("Service," "Platform," "we," "us," or "our"). This Privacy Policy explains how "DIGITAL ADVISORY" S.R.L. (trading as Monetoli), a company registered in the Republic of Moldova, collects, uses, discloses, and protects your personal information when you use our financial management platform at https://app.monetoli.com.

We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA).

By using our Service, you acknowledge that you have read and understood this Privacy Policy.

---

## 2. Data Controller

The data controller responsible for your personal data is:

**"DIGITAL ADVISORY" S.R.L. (trading as Monetoli)**

Chisinau, str. Socoleni 10, Republic of Moldova

**Contact for Privacy Matters:**

Email: hello@monetoli.com

For GDPR-related inquiries, you may contact us at the above email address.

---

## 3. Data We Collect

We collect and process the following categories of personal data:

### 3.1 Personal Information

Information you provide directly when creating an account or using the Service:

| Data Type | Purpose |
|-----------|---------|
| Email address | Account creation, communication, authentication |
| Full name | Account identification, personalization |
| Username/display name | User identification within the Service |
| Country and state | Localization, legal compliance, currency defaults |
| Time zone | Display preferences, scheduling |
| Profile picture (optional) | Account personalization |
| Currency preference | Default currency for transactions |

### 3.2 Financial Data

Information contained in documents you upload to the Service:

| Data Type | Purpose |
|-----------|---------|
| Bank statements (PDF files) | Core service functionality |
| Transaction details (amounts, dates, descriptions) | Spending analysis and categorization |
| Account numbers (partial/masked) | Statement identification |
| Account holder names | Statement verification |
| Merchant and counterparty information | Transaction categorization |
| Currency information | Multi-currency support |

**Important:** We process financial data solely to provide the Service. We do not sell financial data or use it for purposes unrelated to the Service.

### 3.3 Usage Data

Information collected automatically when you use the Service:

| Data Type | Purpose |
|-----------|---------|
| Pages and features accessed | Service improvement, analytics |
| Actions performed | User experience optimization |
| Session duration and frequency | Service analytics |
| Error logs and crash reports | Technical troubleshooting |
| Feature usage patterns | Product development |

### 3.4 Technical Data

Information collected automatically from your device and browser:

| Data Type | Purpose |
|-----------|---------|
| IP address | Security, fraud prevention, geolocation |
| Browser type and version | Compatibility, troubleshooting |
| Device information | Service optimization |
| Operating system | Compatibility |
| Referral source | Marketing analytics |

### 3.5 Payment Data

Information related to your subscription:

| Data Type | Purpose |
|-----------|---------|
| Subscription status | Account management |
| Billing history | Payment records |
| Payment method type | Transaction processing |

**Note:** Payment processing and billing is handled by **LemonSqueezy LLC ("Lemon Squeezy")**, our Merchant of Record. Full payment card details are processed directly by Lemon Squeezy and are never stored on our servers. Lemon Squeezy's own [Privacy Policy](https://www.lemonsqueezy.com/privacy) governs data they collect in connection with payment processing.

---

## 4. How We Use Your Data

We use your personal data for the following purposes:

### 4.1 Providing the Service

- Processing and analyzing uploaded bank statements
- Extracting and categorizing transactions
- Generating spending reports and insights
- Managing your account and subscriptions
- Providing customer support

### 4.2 Service Improvement (with your consent)

We may use anonymised and aggregated data derived from your usage to improve the Service, including refining our AI and machine learning models.
We will **not** use your identifiable financial data to train AI models without your explicit prior consent. You may withdraw such consent at any time by contacting us at support@monetoli.com.

### 4.3 Communication

- Sending service-related notifications
- Responding to your inquiries and support requests
- Providing updates about the Service
- Sending marketing communications (only with your prior consent)

### 4.4 Security and Fraud Prevention

- Protecting against unauthorized access
- Detecting and preventing fraudulent activity
- Maintaining the integrity of the Service
- Complying with legal obligations

### 4.5 Legal Compliance

- Complying with applicable laws and regulations
- Responding to legal requests and court orders
- Enforcing our Terms and Conditions
- Protecting our legal rights

---

## 5. Legal Basis for Processing (GDPR)

For users in the EEA, we process personal data based on the following legal grounds:

### 5.1 Contractual Necessity (Article 6(1)(b) GDPR)

Processing necessary to perform our contract with you:

- Account creation and management
- Processing bank statements and transactions
- Subscription management and billing
- Customer support

### 5.2 Legitimate Interests (Article 6(1)(f) GDPR)

Processing based on our legitimate interests, balanced against your rights:

- Security and fraud prevention
- Business operations and administration
- Aggregate and anonymised service analytics

### 5.3 Consent (Article 6(1)(a) GDPR)

Processing based on your explicit consent:

- Marketing communications
- Non-essential analytics and tracking cookies
- Use of your identifiable data for AI model training or improvement

You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. To withdraw, contact us at support@monetoli.com or use your account settings.

### 5.4 Legal Obligation (Article 6(1)(c) GDPR)

Processing necessary to comply with legal requirements:

- Tax and accounting records
- Responding to legal requests
- Regulatory compliance

---

## 6. Third-Party Service Providers

We share data with third-party service providers who assist us in operating the Service. These providers process data on our behalf and are bound by contractual obligations (including Data Processing Agreements where required by GDPR) to protect your data.

### 6.1 Named Service Providers

| Provider | Category | Purpose | Data Shared |
|----------|----------|---------|-------------|
| **Auth0 (Okta, Inc.)** | Authentication | Secure login and identity management | Email, name, authentication credentials |
| **LemonSqueezy LLC** | Payment / Merchant of Record | Subscription billing and payment handling | Email, name, billing information |
| **Google Cloud Platform** | Cloud infrastructure & AI | Document storage, processing, and AI extraction | Uploaded files, extracted transaction data |
| **Google Document AI** | AI/ML | Automated text and data extraction from bank statements | Document content |
| **Google Analytics** | Analytics | Usage statistics and service improvement | Anonymised usage data, IP address (anonymised) |
| **LogRocket** | Session monitoring | Error detection and user experience improvement | Session recordings, error logs |

### 6.2 Changes to Service Providers

The specific third-party providers we use may change over time as we improve our Service. We maintain appropriate data processing agreements with all providers and will update this Privacy Policy to reflect material changes in our data sharing practices.

### 6.3 Other Disclosures

We may also disclose your data:

- To comply with legal obligations or valid legal processes
- To protect our rights, property, or safety, or that of others
- In connection with a merger, acquisition, or sale of assets (with notice to you)
- With your explicit consent

---

## 7. AI and Automated Processing

### 7.1 Use of AI Technologies

Our Service uses artificial intelligence and machine learning technologies to:

- Extract text and structured data from uploaded documents
- Automatically categorize transactions
- Enhance and normalize transaction descriptions
- Identify merchants and counterparties
- Generate spending insights and analytics

### 7.2 How AI Processing Works

When you upload a bank statement:

1. The document is sent to Google Document AI for text extraction
2. Extracted data is processed to identify transactions
3. AI systems categorize transactions and enhance descriptions
4. Processed data is stored in your account and presented to you

### 7.3 Human Oversight

While our processing is largely automated, we maintain human oversight to:

- Review and improve AI model accuracy
- Handle edge cases and errors
- Respond to user feedback about categorization

### 7.4 Your Rights Regarding Automated Processing

Under GDPR Article 22, you have the right:

- To obtain human intervention for significant automated decisions
- To express your point of view regarding automated processing
- To contest decisions made solely by automated means

Our automated processing primarily assists in data extraction and categorization. It does not make decisions with significant legal or similar effects on you.

### 7.5 AI Provider Changes

We may change our AI service providers and technologies to improve accuracy, reduce costs, or for other business reasons. Such changes do not affect your rights or our obligations regarding your data.

---

## 8. Data Retention

### 8.1 Retention Periods

We retain your data for as long as necessary to fulfill the purposes described in this Privacy Policy:

| Data Category | Retention Period |
|---------------|------------------|
| Account information | Duration of account + 3 years after deletion |
| Uploaded bank statements | Duration of account + 30 days after deletion |
| Processed transaction data | Duration of account + 30 days after deletion |
| Usage and analytics data | 2 years from collection |
| Payment and billing records | 7 years (legal requirement) |
| Support communications | 3 years from resolution |
| Marketing consent records | Duration of consent + 3 years |

### 8.2 Deletion

After the retention period expires, we securely delete or anonymize your data. You may request earlier deletion of your data by contacting support@monetoli.com, subject to our legal obligations.

### 8.3 Backup Data

Backup copies may be retained for a limited additional period for disaster recovery purposes and will be deleted in accordance with our backup rotation schedule.

---

## 9. International Data Transfers

### 9.1 Data Storage Location

Your data is stored on Google Cloud Platform infrastructure located in the European Union. We take steps to keep your personal data within the EEA wherever practicable.

### 9.2 Transfers Outside the EEA

Some of our service providers (for example, certain support personnel and sub-processors) may be located outside the EEA, including in the Republic of Moldova and the United States. For any such transfers, we ensure appropriate safeguards are in place:

- **Standard Contractual Clauses (SCCs):** We use EU-approved SCCs with our service providers located in countries without an EU adequacy decision.
- **Adequacy Decisions:** Where applicable, we rely on EU adequacy decisions.
- **Additional Security Measures:** We implement technical and organizational measures to protect data in transit and at rest.

### 9.3 Your Rights

You may request information about the specific safeguards applied to your data transfers by contacting us at hello@monetoli.com.

---

## 10. Your Rights (GDPR)

If you are in the EEA, you have the following rights under GDPR:

### 10.1 Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and to access that data, including the purposes of processing, categories of data, recipients, and retention periods.

### 10.2 Right to Rectification (Article 16)

You have the right to correct inaccurate personal data and to complete incomplete data.

### 10.3 Right to Erasure (Article 17)

You have the right to request deletion of your personal data when the data is no longer necessary for its original purpose, you withdraw consent, or the data was unlawfully processed.

### 10.4 Right to Restriction (Article 18)

You have the right to restrict processing of your data in certain circumstances, such as when you contest its accuracy or have objected to processing.

### 10.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

### 10.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests. We will cease processing unless we have compelling legitimate grounds that override your interests.

### 10.7 Right to Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

### 10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your residence, place of work, or place of the alleged infringement.

### 10.9 Exercising Your Rights

To exercise any of these rights, please contact us at support@monetoli.com. We will respond to your request within 30 days.
We may ask for identification to verify your identity.

---

## 11. Cookies and Tracking Technologies

### 11.1 Types of Cookies We Use

| Cookie Type | Provider | Purpose | Duration |
|-------------|----------|---------|----------|
| **Essential** | Auth0 (`auth0.*`) | Authentication session management | Session |
| **Essential** | Internal | User preferences, language settings | Persistent |
| **Analytics** | Google Analytics (`_ga`, `_gid`) | Usage statistics — only with your consent | Up to 2 years |
| **Monitoring** | LogRocket | Session recording for error tracking — only with your consent | Session |

### 11.2 Cookie Consent

We only set non-essential cookies (analytics, monitoring) where permitted by applicable law and, where required, after you have given explicit consent. You can manage or withdraw cookie consent at any time through your browser settings or by clearing your browser cookies.

### 11.3 Local Storage

We use browser local storage to store authentication tokens, user preferences, and cached account data for performance.

### 11.4 Managing Cookies

You can manage cookie preferences through your browser settings or via the consent mechanism described above. Disabling essential cookies may prevent you from logging in.

### 11.5 Do Not Track

We currently do not respond to "Do Not Track" browser signals. You can limit non-essential tracking through your browser settings as described above.

---

## 12. Data Security

### 12.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

- Encryption of data in transit (TLS 1.2+)
- Encryption of data at rest (AES-256)
- Role-based access controls and authentication
- Regular security assessments
- Employee data protection training
- Incident response procedures

### 12.2 Third-Party Security

We require our service providers to maintain appropriate security measures and enter into data processing agreements that include security obligations.

### 12.3 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- Notify affected users without undue delay if the breach poses a high risk
- Document the breach and our response

### 12.4 Your Security Responsibilities

You are responsible for maintaining the security of your account credentials, logging out of shared devices, and notifying us of any suspected unauthorized access at support@monetoli.com.

---

## 13. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal data from children under 18. If we discover that we have collected data from a child under 18, we will delete it promptly. If you believe we have collected data from a child under 18, please contact us at support@monetoli.com.

---

## 14. Changes to This Privacy Policy

### 14.1 Policy Updates

We may update this Privacy Policy to reflect changes in our data practices, new features, legal requirements, or changes in our service providers.

### 14.2 Notification of Changes

We will notify you of material changes by posting the updated Privacy Policy on our website, updating the "Last Updated" date, and sending an email notification for significant changes.

### 14.3 Review and Acceptance

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy. For material changes that affect how we use your data, we will seek fresh consent where required by law.

---

## 15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

**Monetoli**

- **Privacy & Data Requests:** support@monetoli.com
- **General Contact:** hello@monetoli.com
- **Mailing Address:** Chisinau, str. Socoleni 10, Republic of Moldova
- **Website:** https://monetoli.com

We aim to respond to all privacy-related inquiries within 30 days.

---

## 16. Additional Information for Specific Jurisdictions

### 16.1 European Economic Area (EEA)

This Privacy Policy is designed to comply with GDPR. EEA residents have additional rights as described in Section 10.

### 16.2 United Kingdom

Following Brexit, UK data protection is governed by the UK GDPR and Data Protection Act 2018. UK residents have similar rights to those described for EEA residents.

### 16.3 California (USA)

California residents may have additional rights under the California Consumer Privacy Act (CCPA):

- You have the right to know what personal information we collect
- You have the right to request deletion of your personal information
- You have the right to opt-out of the sale of personal information (we do not sell personal information)
- You will not be discriminated against for exercising your rights

---

*This Privacy Policy was last updated on March 29, 2026.*

*By using Monetoli, you acknowledge that you have read and understood this Privacy Policy.*